DNS requests are not working
Team,
I have a customer who is using 6 of these ER605-V2 routers.
We can not get DNS working on all 6 - even with just one additional vlan (beside the default management vlan 1).
The things we tried:
* Tried with Google and Cloudflare DNS servers on WAN and LAN site (with or without DHCP)
* Disable DHCP on the LAN-site and use Pihole/dnsmasq as DHCP and DNS server
* Proxy with DoH to Cloudflare
* Factory reset and running in standalone mode (with and without DHCP on LAN-side)
* Ping and tracert executed by the router itself
* Replaced one ER605 with an ER707-M2
Only the ER707 setup is working as expected.
It looks like all the ER605 routers are blocking all DNS requests - regardless its settings.
As if there is some hidden ACL-rule blocking all DNS traffic.
Please advice - where to go from here?
With warm regards - Will
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
My guess its a different (real!) issue. And with the right problem description.
I'm running a single ER605 now and still the same issue.
On the WAN-side I'm using DNS-servers from Cloudflare.
On the LAN-side I have activated DHCP with auto DNS and gateway.
Still not able to do DNS resolving.
However, ping-ing IP addresses works as expected.
This is also the situation when all ER605 routers are running.
- Copy Link
- Report Inappropriate Content
have you physically disconnected all routers from the network except 1, have you restarted the router? if there were problems with dns as you describe, the forum would be filled with messages about this problem, there are probably thousands of such routers. so it's strange.
- Copy Link
- Report Inappropriate Content
All ER605 routers are switched off (but still connected). Then only one is powered-on.
For this customer, I have arranged remote powercycles
All tests are done with this single router (combined with the ER707).
And only DNS is failing - routing seems to work as expected.
- Copy Link
- Report Inappropriate Content
this is becoming more and more of a mystery, can you describe how you wired up your workbench? If I have understood you correctly, there is still no problem with the ER707, only the ER605?
- Copy Link
- Report Inappropriate Content
Yes - only problems with the ER605 routers
Sure - will make a drawing later today - but for now:
Internet === WAN - Box12 (ISP) - LAN === LAN - Omada switch - LAN === WAN - Omada routers - LAN === Omada switches with Proxmox hosts and wifi clients
There is this Box12 from ISP-KPN hooked up with an Omada switch. All Omada routers are connected via this switch.
On this Omada switch, the respective router ports are configured with PVID 4080 untagged.
This is to make sure these ports are seen as an extension of the LAN ports of Box12.
And not interfering with the Omada management vlan (i.e. vlan 1 with subnet 192.168.3.0/24)
If the WAN-port connected to this switch uses DHCP it wil get an IP address from the DHCP server from Box12 => something in subnet 192.168.2.0/24.
If the WAN-port has a hardcoded public IP address that is part of a certain public IP pool, it will be connected to the internet via this IP address.
All this is working as expected - except the DNS part. And only for the ER605 routers - even if it is the only one.
- Copy Link
- Report Inappropriate Content
I'm pretty sure you've run into the same problem I had. if I had to guess, you have an ER605 as the main router and a switch to which all the other ER605 are connected, I have not tested what happens if you connect the wan on an er605 to the lan on another er605. maybe it's the same problem. so my suggestion is when you physically get to the routers try connecting the wan on an er605 to the lan on the er707 I'm almost 100% sure it will work. make sure there is no ip conflict between er707 and er605.
try something like that when you is onsilte.
internet---wan on er605 lan---switch---wan on er707 lan---wan on er605..
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
ok, yes i'm out of ideas. but when you get onsite try connecting an er605 wan to the lan port on the er707. we can also rule out dns problems with er605, had there been a problem like yours thousands would have reported this on the forum. I myself have 3 er605 and they work as they should. so something else is the problem.
Unfortunately, I don't have two identical routers now, otherwise I would have tested a bit.
If I come up with something, I'll let you know., and if you find the solution to the mystery, I hope you will update us on the forum :-)
I'm following this thread so just shout if there's anything I can contribute..
- Copy Link
- Report Inappropriate Content
Just connected the ER605 with WAN-DHCP to the ISP router.
Meaning it receives an IP address in the subnet of the LAN-side of the ISP-router.
Everything is working as expected; including DNS and even with double-NAT.
Switching back to a fixed public WAN-IP as part of a predefined pool and the problems are back.
Will try later today with 2 or 3 of these routers wit the same settings and see what happens.
- Copy Link
- Report Inappropriate Content
It looks like we found the root-cause: the ISP router.
We did a factory reset of this router and configured everything from scratch.
We are now working on bringing the bench back to its original setup with its dito settings - so-far-so-good.
Will keep you posted.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 2086
Replies: 29
Voters 0
No one has voted for it yet.